libemail-address-perl security update

To: debian-lts-announce@lists.debian.org
Subject: libemail-address-perl security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 29 Jun 2014 19:09:15 +0000
Message-id: <[🔎] E1X1KTT-0001ro-Us@master.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libemail-address-perl
Version        : 1.889-2+deb6u1
CVE ID         : CVE-2014-0477

Bastian Blank reported a denial of service vulnerability in
Email::Address, a Perl module for RFC 2822 address parsing and creation.
Email::Address::parse used significant time on parsing empty quoted
strings. A remote attacker able to supply specifically crafted input to
an application using Email::Address for parsing, could use this flaw to
mount a denial of service attack against the application.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJTsGP4AAoJEAVMuPMTQ89E0m4P/12M9PjWyK7Bf4lqgqADFa/q
8EIOowIHG/4SCgC57oKbPQvnyIQ5nyMDRM8H1SlcWWHV+jkgckB3YrF/hgHxfAnF
oA+1WLFMttY5rLsTVOOOyZIGL22NlCrJ1Vhx7p2RpNVtUBp7K4pDJAr6LUAn43NL
FeVWIz5KfNGntvBPZbpsRMscIkadDDQ6vNUGaZOF2LTPr3rzNWWbQxd6bIsxJF2E
L4Hubj7t+8aaj4k7Xf39BR4ewpSqYo/AxeQBJLGC8VeRDnHf6uOFaOxtvcfkjR9l
JZW/JKgOoN8vZBkJHMhVbkNpHJMlkkUsk3YUfJkK3XjFu0qJ0DwH3Di0k4GdGtYH
X2QaPFxuLKkDvaI5GumUfddDKdALq8mWuDFEkOTjUXf3WaAl83/7dLGbK9I8tUde
coWz5Pdfh6tyGNzWfb5KgUrWI86FsIeNwdmAVy/5ZZOG8Fg0THamaLVfOiqV7pON
LUsbBaJ2pTKjnwychPCnZGwVtytEakx7ATTxTlCJrESWbFnLViRrDlq9teqmOvoY
6gADfbykNAud2+K4VU9tUwNFbB2rwoO+9a68g/wU3208H5cQ6Xx8kHqqHtqdBlhH
0GSLB/oweJdX961AuuhpcW3DdzCdh+G6LuPpcAuIKUuCnLWwjOgEWQi8pOngdkpy
1XhpDc/IwLdSUDJfGC/C
=+iWp
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: php5 security update
Next by Date: gnupg security update
Previous by thread: php5 security update
Next by thread: gnupg security update
Index(es):
- Date
- Thread